This video deals with the principle of Least Common Mechanism. Least Common Mechanism speaks to confinement. It basically says, don't share. The reason is that information can flow along channels when you share things. In fact, in many cases these are known as covert channels or side-channel attacks.

As an example, let's say that you and I are on a system and we're, in theory at least, completely isolated from one another, but we're sharing a common CPU. So that's a shared channel. By manipulating how much time I get on the CPU, if I get a little time that's a zero bit, if I get a lot of time that's a 1 bit. If you can measure that, and you can measure it by determining when you don't have access to the CPU, information can be passed.

Similarly, there's been a lot of work on side-channel attacks. That's where you do encryption, for example, or some action, but because of the way the system runs, the power it draws, the time it takes, and so forth, you're able to get information about secret things like cryptographic keys. That is a type of covert channel. Again, it's because the system is being shared.

Now to combat this, the way it's done is with isolation. There are two types of isolation essentially. One is the virtual machine, where this program is placed, or these mechanisms, the tools are placed into a virtual machine and they think the virtual machine is the real machine. The virtual machine, however, can control the interactions of those processes with external resources. Sandboxes are jails trying to do the same thing, but they don't provide a virtual machine, they run directly on the machine that the program would run on. But what they do is they intercept system calls or they change the notion of the environment, for example, changing roots so that the root of the file system means something very different. Things like that. The sandboxes can be done either at the program level or compilers can do checking or there are a wide variety of ways to do this. But the important point is the programs here are inhibited from sharing. You're trying to block as much sharing as you can.

Now, here's an example that will hopefully get you thinking a little bit about the Internet. Bank web servers are all over the place. When you do banking over the web you go through one. Attackers have been known to do what's called a distributed denial of service attack, where they simply flood the bank servers. Their hope is to prevent people, legitimate users, from accessing the server. In terms of the principle of Least Common Mechanism, now why would this work? Also, while you're thinking about that, think also about what an effective countermeasure might be. I'll give you a minute to look for that one.

Okay, in terms of the principle of Least Common Mechanism, look for things that are shared. What is shared here between the attackers and the legitimate users? Well, it's the Internet or network connection. So that's why it works in terms of the principles. Effectively, what's happening is the attackers are trying to block your access by overwhelming the common channel you both are using to get to the bank servers.

So in terms of an effective countermeasure, you need somehow to prevent the attacker from doing that. Unfortunately, there's not really a good way to do that yet. One thing banks can do is shuffle the suspect traffic off to another network or block it at the router level. Then allow the other connections to go through, the ones that they believe are legitimate. So that in effect is saying, okay, at the place where you start sharing the channel to the bank, we're going to block the bad folks so that only the good folks can use the channel. That, in fact, is one of the ways that you protect against distributed denial of service attacks.